MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: [farsight_passivedns] Fixed queries to the API 

- Since flex queries input may be email addresses,
  we nake sure we replace '@' by '.' in the flex
  queries input.
- We also run the flex queries with the input as
  is first, before runnning them as second time
  with '.' characters escaped: '\\.'
pull/482/head
chrisr3d 2021-03-18 18:40:27 +01:00
parent f58f4aa9eb
commit c8c44e75bf
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
misp_modules/modules/expansion/farsight_passivedns.py
View File

@ -174,12 +174,15 @@ def add_flex_queries(flex):
def flex_queries(client, lookup_args, name):
response = {}
rdata = list(client.flex_rdata_regex(name.replace('.', '\\.'), **lookup_args))
if rdata:
response['flex_rdata'] = rdata
rrnames = list(client.flex_rrnames_regex(name.replace('.', '\\.'), **lookup_args))
if rrnames:
response['flex_rrnames'] = rrnames
name = name.replace('@', '.')
for feature in ('rdata', 'rrnames'):
to_call = getattr(client, f'flex_{feature}_regex')
results = list(to_call(name, **lookup_args))
for result in list(to_call(name.replace('.', '\\.'), **lookup_args)):
if result not in results:
results.append(result)
if results:
response[f'flex_{feature}'] = results
return response